1

Contractual Ciso Jobs (NOW HIRING)

Annual re-attestation support; named contact for customer audits under contractual audit rights ... Prior CISO / vCISO / security-lead experience at a company that sold to large enterprises -- you ...

New

The Deputy CISO will separate cybersecurity responsibilities from traditional IT operations, ... Align cybersecurity compliance with contractual, regulatory, client-driven, and industry-specific ...

Sr Dir - Cybersecurity

Oshkosh, WI

$108K - $146K/yr

Reporting directly to the CISO, this role serves as the CISO's primary operational deputy, leading ... contractual security requirement analyses across all business units and geographies. * Oversee ...

Sr Dir - Cybersecurity

Oshkosh, WI · On-site

$108K - $146K/yr

Reporting directly to the CISO, this role serves as the CISO's primary operational deputy, leading ... contractual security requirement analyses across all business units and geographies. * Oversee ...

Vice President of Cybersecurity

Detroit, MI · Hybrid

$148K - $186K/yr

... CISO-equivalent leader. This role is responsible for defining and executing enterprise-wide ... Ensure continuous audit readiness and contractual compliance across programs * Oversee enterprise ...

Vice President of Cybersecurity

Detroit, MI · On-site

$155K - $194K/yr

... contractual compliance across programs • Oversee enterprise risk management, vulnerability ... CISO or CISO-adjacent roles • Demonstrated success leading enterprise cybersecurity, governance ...

next page

Showing results 1-20

Contractual Ciso information

See salary details

$70K

$148.7K

$232.5K

How much do contractual ciso jobs pay per year?

As of Jul 17, 2026, the average yearly pay for contractual ciso in the United States is $148,746.00, according to ZipRecruiter salary data. Most workers in this role earn between $118,000.00 and $167,500.00 per year, depending on experience, location, and employer.

What is the difference between Contractual Ciso vs Information Security Analyst?

AspectContractual CisoInformation Security Analyst
CertificationsCISSP, CISM, CISACISSP, Security+
Work EnvironmentExecutive-level, strategic, often consultingOperational, technical, hands-on
Employer & Industry UsageFirms seeking high-level security leadership on a contract basisOrganizations managing day-to-day security operations

The Contractual Ciso typically provides strategic security leadership on a temporary basis, focusing on policy and risk management, while the Information Security Analyst handles technical security tasks daily. Both roles require security certifications, but the Ciso's scope is broader and more strategic, often in consulting contexts, whereas the analyst's role is more technical and operational.

More about Contractual Ciso jobs
What cities are hiring for Contractual Ciso jobs? Cities with the most Contractual Ciso job openings:
What are the most commonly searched types of Ciso jobs? The most popular types of Ciso jobs are:
What states have the most Contractual Ciso jobs? States with the most job openings for Contractual Ciso jobs include:
Infographic showing various Contractual Ciso job openings in the United States as of July 2026, with employment types broken down into 8% Locum Tenens, 2% Internship, 4% As Needed, 79% Full Time, 1% Contract, and 6% Nights. Highlights an 77% Physical, 5% Hybrid, and 18% Remote job distribution, with an average salary of $148,746 per year, or $71.5 per hour.
Fractional CISO

Fractional CISO

Reflexion

Lancaster, PA • Remote

Contractor

Posted yesterday

New


Job description

Fractional CISO

This is a fully remote (work-from-home) position. Work from anywhere in the United States.

Contract / fractional · ~15–25 hrs in the first 60 days, then ~5–10 hrs per quarter

About Reflexion

Reflexion Interactive Technologies builds neuro-cognitive and physiological sensing technology — vision-performance training and respiration-waveform sensing — used by athletes, teams, and now a global consumer-eyewear partner. We are a ~10-person, AWS-hosted company based in Lancaster, PA, closing enterprise partnerships that bring enterprise-grade vendor-security requirements with them.

The role

We are hiring a fractional CISO to be the accountable security executive behind our compliance program as we finalize a major enterprise deal. This is not a build-a-SOC, hire-a-team role: our application-layer security is strong (bcrypt, encrypted sessions, CSRF, parameterized SQL, strict CSP, MFA/RBAC, AES-256 at rest, TLS 1.2+), our compliance calendar and evidence pipeline are run day-to-day by an internal compliance system, and engineering is handled by our CTO. What we need is the credentialed human who signs, validates, and represents.

You will work directly with the CEO (deal owner) and CTO (implementation owner). Our internal compliance agent drafts the documents, tracks the obligations register, and maintains the evidence locker — you review, correct, and put your name on what is true.

What you will do — first 60 days
  • Review and harden our Statement of Applicability + evidence package (ISO 27001/NIST-mapped) responding to an enterprise customer's Information Security Addendum — built largely from an existing, customer-reviewed evidence base.
  • Sign the risk assessment and SoA as the named security officer; be the security contact enterprise vendor-risk teams can call.
  • Sit on 2–3 customer security-diligence calls (enterprise vendor-risk / InfoSec reviewers) alongside the CEO.
  • Validate what we attest against reality with the CTO (controls verification and gap triage: centralized logging, admin RBAC/audit trail, secrets management).
  • Advise on a security-exception / compensating-controls request and, if required, scope a right-sized SOC 2 Type I path (RFQs prepared; you would manage auditor selection and the engagement).
  • Scope and manage our first external penetration test (vendor shortlist ready) and own findings triage with the CTO.
Ongoing — a few hours a quarter
  • Quarterly review of the compliance-calendar output (access reviews, risk-assessment refresh, training, phishing simulations, BC/DR and restore tests).
  • Annual re-attestation support; named contact for customer audits under contractual audit rights.
  • Incident readiness: review our breach-notification runbook (24–72h contractual clocks) and advise if an incident ever triggers it.
  • Tell us when a new deal's requirements genuinely change our posture — versus when to negotiate them down. We optimize for minimum-viable compliance and want a partner who respects that philosophy rather than gold-plating.
What we are looking for
  • Prior CISO / vCISO / security-lead experience at a company that sold to large enterprises — you have personally survived enterprise vendor-risk review (security questionnaires, information-security addenda, right-to-audit clauses) from the vendor side.
  • Hands-on fluency with ISO 27001 / NIST CSF control mapping, SOC 2 (readiness through audit), and pragmatic compensating-controls / security-exception practice.
  • Comfortable being the named, accountable individual — signing SoAs and risk assessments, taking customer calls, standing behind attestations.
  • Technical enough to verify controls in an AWS + Cloudflare stack with the CTO (IAM, KMS, CloudTrail/logging, network posture) — you do not implement, but you cannot be bluffed.
  • Working knowledge of HIPAA applicability analysis (we maintain a no-PHI / not-a-business-associate posture and need it defended, not expanded) and GDPR-adjacent vendor obligations (we have EU counsel; you coordinate, not own).
  • Plain-spoken, fast, allergic to compliance theater. You will be asked "is this actually required, or negotiable?" constantly — we want the honest answer.
  • Bonus: consumer wellness / health-adjacent data classification; EU AI Act awareness; prior work with AI-assisted compliance tooling.
What this is not
  • Not full-time, and no conversion pressure — genuinely fractional.
  • Not a program-build from zero: policies (v1.0), an evidence base, an obligations register, a DPA/SCC pack, and counsel relationships already exist.
  • Not an implementation role: engineering changes belong to the CTO; you verify and advise.
Engagement & compensation

Hourly contract (rate DOE) or an equivalent small monthly block. Front-loaded first 60 days (~15–25 hours), then ~5–10 hours per quarter. Direct line to the CEO and CTO. NDA required; the work references a Fortune-Global-500-scale counterparty under confidentiality.

How to apply

Send a short note covering: (1) an enterprise vendor-security review you got a small company through — what you accepted and what you pushed back on; (2) your hourly rate and availability over the next 60 days. Resume/LinkedIn welcome; the note matters more.

Powered by JazzHR

YacK1k4GNV